setgid() sets the effective group ID of the calling process. If the
calling process is privileged (has the CAP_SETGID capability in its
user namespace), the real GID and saved set-group-ID are also set.
Under Linux, setgid() is implemented like the POSIX version with the
_POSIX_SAVED_IDS feature. This allows a set-group-ID program that is
not set-user-ID-root to drop all of its group privileges, do some un-
privileged work, and then reengage the original effective group ID in
a secure manner.

EINVAL The group ID specified in gid is not valid in this user
namespace.
EPERM The calling process is not privileged (does not have the
CAP_SETGID capability), and gid does not match the real group
ID or saved set-group-ID of the calling process.

The original Linux setgid() system call supported only 16-bit group
IDs. Subsequently, Linux 2.4 added setgid32() supporting 32-bit IDs.
The glibc setgid() wrapper function transparently deals with the
variation across kernel versions.
C library/kernel differences
At the kernel level, user IDs and group IDs are a per-thread
attribute. However, POSIX requires that all threads in a process
share the same credentials. The NPTL threading implementation
handles the POSIX requirements by providing wrapper functions for the
various system calls that change process UIDs and GIDs. These
wrapper functions (including the one for setgid()) employ a signal-
based technique to ensure that when one thread changes credentials,
all of the other threads in the process also change their
credentials. For details, see nptl(7).

This page is part of release 4.13 of the Linux man-pages project. A
description of the project, information about reporting bugs, and the
latest version of this page, can be found at
https://www.kernel.org/doc/man-pages/.
Linux 2017-09-15 SETGID(2)